[dm-crypt] Alternate KDFs (Key Derivation Functions) in cryptsetup

Mike mwra.mwra at gmail.com
Fri Jun 21 03:14:28 CEST 2013


Hey Milan,

Thanks for responding. I'll take a look at what different libraries are
available and see if I can incorporate them instead. Scrypt has been
published by the IETF in a standardized format (
http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01), but I believe it
is still in draft status. Thanks for considering any contributions, and
thanks for the great work you've done so far on cryptsetup.

Mike


On Tue, Jun 18, 2013 at 6:39 AM, Milan Broz <gmazyland at gmail.com> wrote:

> On 18.6.2013 1:47, Mike wrote:
> > Hi,
> >
> > I started some work on adding changes to the cryptsetup code to allow
> > for the use of different KDFs during key derivation, as it's a
> > feature I believe would be useful. I was thinking of adding both
> > bcrypt and scrypt as available alternative KDFs that the user may
> > choose from.  As I didn't wish to alter the current header structure,
> > if there's a different KDF used during format, that KDF would have to
> > be specified during volume open, as well any other relevant
> > operations.
> >
> > If I created a patch for all the changes and submitted them for
> > review, would there be an interest in incorporating them into the
> > main cryptsetup branch? I've already incorporated the scrypt
> > reference implementation into the cryptsetup codebase and confirmed
> > that the official test vectors match the output. I would also be
> > interested in helping out with any other updates that might need to
> > be made.
>
> Hi,
>
> if you used the latest code you can see that code is almost ready
> to add another KDF.
>
> So definitely there is a plan to add more KDFs in future as needed,
> if they are proven to be secure, idealy defined in some standard or RFC,
> but I would like to see more widely use before it can become part of main
> branch.
>
> Anyway, you can always post patches for testing.
> Please attach it to
> http://code.google.com/p/cryptsetup/issues/detail?id=119
> (or send it to this list if you do not want use Google account).
>
> But I definitely prefer if scrypt (or another KDF) is part of crypto
> library and
> cryptsetup uses just wrapper over this library.
>
> (PBKDF2 is implemented in core because of historic reasons and
> it is only fallback now - only if configured crypto backend doesn't
> provide PBKDF2, internal implementation is used. The same should apply
> for other KDF as well.)
>
> Thanks,
> Milan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20130620/b5bf1e85/attachment.html>


More information about the dm-crypt mailing list